On 15.05.19 14:18, Wall, Stephen wrote:
New CPU microcode may be available in a BIOS update from your system vendor,
or by installing the devcpu-data package or sysutils/devcpu-data port.
Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
If using the package or port the microcode update can be applied at boot time
by adding the following lines to the system's /boot/loader.conf:
cpu_microcode_load="YES"
cpu_microcode_name="/boot/firmware/intel-ucode.bin"
Is this applicable in a virtualized environment, or only on bare metal?
If not applicable in a VM, is it at least harmless?
Afaik you can't modify the microcode inside a VM, but give them time.
I'm sure Intel optimized that security check away as well in some corner
case yet to be discovered.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
